First published: Wed Feb 27 2008(Updated: )
The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
NetWin SurgeFTP | =2.3a2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.